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DETAILED ACTION 

1. This action is responsive to the communication filed on August 1, 2007. 
Claims 1-24 are pending. Claims 12, 14-15, 17, and 21 are canceled by the applicant. 
At this time, claims 1-11, 13, 16, 18-20, and 22-24 are still rejected. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-11, 13, 16, 18-20, 22-24 
have been considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 112 

3 The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4 Claims 1, 9, 13, 18, and 20 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

a. Referring to claim 1: 

It appears that the amended limitation cited "wherein said sign-on 
credentials are encrypted with the public key associated with the host server for which 
the sign-on credentials were most recently used to authenticate the user " is not 
clearly explained anywhere in the specification, specially for the limitation that 
underlined by the examiner. Applicant is required to point out where in the specification 
that teaches this limitation and appropriate correction is required. 

b. Referring to claim 9: 

It appears that the amended limitation cited "wherein said 
credentials are encrypted using a public key associated with the host server that the 
client workstation most recently accessed " is not clearly explained anywhere in the 
specification, specially for the limitation that underlined by the examiner. Applicant is 
required to point out where in the specification that teaches this limitation and 
appropriate correction is required. 

c. Referring to claim 13: 
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It appears that the amended limitation cited " decrypted, and then 
encrypted using a second public key associated with a second computer, the first 
public key being different than the second public key " is not clearly explained 
anywhere in the specification, specially for the limitation that underlined by the 
examiner. Applicant is required to point out where in the specification that teaches this 
limitation and appropriate correction is required. 

d. Referring to claims 18 and 20: 

It appears that the amended limitation cited " a different public key 
being associated with each of multiple means for hosting " is not clearly explained 
anywhere in the specification, specially for the limitation that underlined by the 
examiner. Applicant is required to point out where in the specification that teaches this 
limitation and appropriate correction is required. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-11, 13, 16, 18-20, 22-24 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Biswas et al (US 7, 1 74,383 B1), and further in view of Fang et 
al (US 6,240,512 B1). 

a. Referring to claim 1: 

i. Biswas teaches a system, comprising: 

(1) a client workstation (see Figure 1, elements 104 and 

108 of Biswas); 

(2) a single sign-on ("SSO") server accessible to the 
client workstation (see Figure 1, elements 112, 104, and 108 and column 4, lines 7- 
16 of Biswas); 
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(3) a plurality of host servers accessible to the client 
workstation, a unique public key being associated with each host server (see Figure 1, 
elements 114, 116, and 118 and column 3, line 14, lines 32-33 of Biswas); 

(4) wherein access by the client workstation to a first host 
server causes the client workstation to be automatically re-directed to the SSO server 
and the SSO server causes the client workstation to request sign-on credentials from a 
user if the user has not signed on to any of the host servers, and wherein the first host 
server, not the SSO server, authenticates the user (see abstract and column 1, line 
67 through column 2, line 8; column 3, lines 65 through column 4, line 17 of 
Biswas); and 

(5) wherein said sign-on credentials are used to 
authenticate the user upon accessing each host server (see abstract and column 2, 
lines 1-8 of Biswas). 

ii. Although Biswas teaches wherein said sign-on credentials 
are encrypted with the public key associated with the host server for which the sign-on 
credentials were most recently used to authenticate the user (column 4, lines 27-33 of 
Biswas), Biswas is silent on the capability of encrypting with the public key. On the 
other hand, Fang teaches this limitation in column 1, lines 45-55; column 10, lines 10- 
14 of Fang. 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the invention of Biswas (if indeed token 
is not a public or private key) with the teaching of Fang for securing the password (e.g., 
public key) storage/management by implementing a single-sign-on (SSO) mechanism 
that coordinates logons to local and remote resources in a computer enterprise with 
preferably one ID and password (column 2, lines 18-27 of Biswas). 

iv. The ordinary skilled person would have been motivated to: 
(1) have modified the invention of Biswas (if indeed token 

is not a public or private key) with the teaching of Fang to facilitate single-sign-on 
services in a hosting environment (column 1, lines 62-63 of Biswas). 
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b. Referring to claim 2: 

i. Biswas further teaches: 

(1) upon being re-directed to the SSO server, the first 
host server supplies the SSO server with security information that is used to encrypt 
sign-on credentials (column 3, lines 65 through column 4, line 17 of Biswas). 

b. Referring to claim 3: 

i. Biswas further teaches: 

(1) wherein the user's sign-on credentials are stored in 
the client workstation (column 3, lines 25-30 of Biswas). 

c. Referring to claim 4: 

i. Biswas further teaches: 

(1) wherein the user's sign-on credentials are stored in 
the SSO server (column 4, lines 40-42 of Biswas). 

d. Referring to claim 5: 

i. Biswas further teaches: 

(1) after the first host server authenticates the user, the 
client workstation accesses a second host server which causes the client workstation to 
be automatically re-directed to the SSO server, and wherein the SSO server causes the 
sign-on credentials to be retrieved and used by the second host server to authenticate 
the user without the user supplying additional sign-on credentials (see abstract and 
column 1, line 67 through column 2, line 8; column 3, lines 65 through column 4, 
line 17 of Biswas). 

e. Referring to claims 6 and 7: 

i. These claims have limitations that is similar to those of 
claims 3 and 4, thus they are rejected with the same rationale applied against claims 3 
and 4 above. Furthermore, cookie is stored in the web browser for later use. The next 
time user go to the same website, user's browser will send the cookie to the web server, 
as shown in Figure 2 of user computer. In addition, token is cookie (column 3, lines 
60-64 of Biswas). 

f. Referring to claim 8: 
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i. Biswas further teaches: 

(1) after requesting sign-on credentials from the user, the 
client workstation is automatically re-directed back to the first host server to authenticate 
the user (see abstract and column 1, line 67 through column 2, line 8; column 3, 
lines 65 through column 4, line 17 of Biswas), 
g. Referring to claim 9: 

i. Biswas teaches a client workstation configured to access 
any one or more of a plurality of services (see Figures 1 and 2 of Biswas), comprising: 

(1) a CPU; an input device coupled to the CPU; and 
storage coupled to the CPU (see Figures 1-2 and column 3, lines 8-19; column 4, 
lines 17-34 of Biswas), said storage containing a browser that is executed by the CPU 
and that causes the workstation to: 

(2) browse to a service that runs in a host server (see 
Figure 2, element 202 and column 4, lines 25-28 of Biswas); 

(3) automatically re-direct to a single sign-on ("SSO") 
server; and permit the host server to authenticate a user either by requiring the user to 
enter credentials via the input device if the user has not already signed-on to a service 
and providing the credentials to the host server or, without the user entering credentials, 
by providing credentials previously stored in the storage to the host server if the user 
has already signed-on to a service and providing the credentials to the host server (see 
abstract and column 1, line 67 through column 2, line 8; column 3, lines 65 
through column 4, line 17 of Biswas); 

(4) wherein said credentials are encrypted using a public 
key associated with the host server that the client workstation most recently accessed 
[see abstract and column 2, lines 1-8 of Biswas). 

ii. Although Biswas teaches wherein said sign-on credentials 
are encrypted with the public key associated with the host server for which the sign-on 
credentials were most recently used to authenticate the user (column 4, lines 27-33 of 
Biswas), Biswas is silent on the capability of encrypting with the public key. On the 
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other hand, Fang teaches this limitation in column 1, lines 45-55; column 10, lines 10- 
14 of Fang 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the invention of Biswas (if indeed token 
is not a public or private key) with the teaching of Fang for securing the password (e.g., 
public key) storage/management by implementing a single-sign-on (SSO) mechanism 
that coordinates logons to local and remote resources in a computer enterprise with 
preferably one ID and password (column 2, lines 18-27 of Biswas). 

iv. The ordinary skilled person would have been motivated to: 
(1) have modified the invention of Biswas (if indeed token 

is not a public or private key) with the teaching of Fang to facilitate single-sign-on 
services in a hosting environment (column 1, lines 62-63 of Biswas). 

h. Referring to claim 10: 

i. Biswas further teaches: 

(1) the CPU (column 3, lines 8-19) further causes the 
workstation to be re-directed back to the service to permit the host server to 
authenticate the user (see abstract and column 1, line 67 through column 2, line 8; 
column 3, lines 65 through column 4, line 17 of Biswas). 

i. Referring to claim 11: 

i. Biswas further teaches: 

(1) wherein the credentials are stored in the storage 
(column 4, lines 14-16 and lines 40-42 of Biswas), 
j. Referring to claim 12: 

i. This claim is canceled by the applicant 
k. Referring to claims 13. 16. and 18-19: 

i. These claims have limitations that is similar to those of 
claims 1-11, thus they are rejected with the same rationale applied against claim 11 
above. 
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ii. As for claim 16, Biswas further teaches wherein the CPU ■ 
decrypts the credentials using the private key associated with the host computer 
(column 4, lines 51-55 of Biswas). 

iii. Although Biswas teaches decrypts the credentials (column 
4, lines 27-33 of Biswas), Biswas is silent on the capability of decrypting the 
credentials using the private key. On the other hand, Fang teaches this limitation in 
column 1, lines 50-55; column 10, lines 10-14 of Fang. 

iv. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the invention of Biswas (if indeed token 
is not a public or private key) with the teaching of Fang for securing the password (e.g., 
public key) storage/management by implementing a single-sign-on (SSO) mechanism 
that coordinates logons to local and remote resources in a computer enterprise with 
preferably one ID and password (column 2, lines 18-27 of Biswas). 

v. The ordinary skilled person would have been motivated to: 
(1) have modified the invention of Biswas (if indeed token 

is not a public or private key) with the teaching of Fang to facilitate single-sign-on 
services in a hosting environment (column 1, lines 62-63 of Biswas). 
I. Referring to claims 20. 22-24: 

i. These claim consist a computer program product for making 
trust management determinations to implement claims 1 and 9, they are rejected with 
the same rationale applied against claim 12 above. 

Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See 
MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to 
expire THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory action 
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is not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and 
any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date 

a 

of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
571-273-8300. 

Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the receptionist whose telephone 
number is 571-272-2100. 

TBT f fiW^V FlCA^W A(J2J3i 

October 14, 2007 



